About the security content of iOS 7

This document describes the security content of iOS 7.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Apps could bypass passcode-attempt restrictions

Description: A privilege separation issue existed in Data Protection. An app within the third-party sandbox could repeatedly attempt to determine the user's passcode regardless of the user's "Erase Data" setting. This issue was addressed by requiring additional entitlement checks.

CVE-ID

CVE-2013-0957 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University

Data Security

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates.

CVE-ID

CVE-2013-5134

dyld

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots

Description: It was possible for background applications to inject user interface events into the foreground application using the task completion or VoIP APIs. This issue was addressed by enforcing access controls on foreground and background processes that handle interface events.

CVE-ID

CVE-2013-5137 : Mackenzie Straight at Mobile Labs

IOKitUser

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious local application could cause an unexpected system termination

Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking.

CVE-ID

CVE-2013-5138 : Will Estes

IOSerialFamily

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Executing a malicious application may result in arbitrary code execution within the kernel

Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking.

CVE-ID

CVE-2013-5139 : @dent1zt

IPSec

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by improved certificate checking.

CVE-ID

CVE-2013-1028 : Alexander Traud of www.traud.de
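
The check whose absence the IPSec entry describes, as an added illustration in C that is not Apple's code: a certificate with a valid chain is accepted only if one of its DNS names matches the server the client was configured to reach. The function names, the `chain_ok` flag (standing for the result of ordinary chain validation) and the sample certificate names are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two DNS names. */
static int ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Match one certificate dNSName against the configured server name.
   A wildcard counts only as the whole left-most label and covers one label. */
static int dns_name_matches(const char *pattern, const char *host)
{
    if (pattern[0] == '*' && pattern[1] == '.') {
        const char *rest = strchr(host, '.');      /* host without first label */
        if (rest == NULL || rest == host)
            return 0;
        if (strchr(rest + 1, '.') == NULL)
            return 0;                              /* never match "*.tld" */
        return ci_equal(pattern + 1, rest);
    }
    if (strchr(pattern, '*') != NULL)
        return 0;                                  /* wildcard elsewhere: reject */
    return ci_equal(pattern, host);
}

/* Before: any certificate that chains to a trusted CA is accepted. */
static int accept_chain_only(int chain_ok) { return chain_ok; }

/* After: the certificate must also name the server the client configured. */
static int accept_named_server(int chain_ok, const char *const *sans,
                               size_t n, const char *configured_host)
{
    if (!chain_ok)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (dns_name_matches(sans[i], configured_host))
            return 1;
    return 0;
}

/* Constructed sample data: name lists of two certificates with valid chains. */
static const char *const other_sans[] = { "mail.other.example" };
static const char *const vpn_sans[] = { "VPN.corp.example", "*.gw.corp.example" };

int main(void)
{
    const char *host = "vpn.corp.example";
    printf("chain only, other cert: %d\n", accept_chain_only(1));
    printf("name check, other cert: %d\n", accept_named_server(1, other_sans, 1, host));
    printf("name check, vpn cert:   %d\n", accept_named_server(1, vpn_sans, 2, host));
    return 0;
}
```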

Kernel

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A remote attacker can cause a device to unexpectedly restart

Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments.

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious local application could cause device hang

Description: An integer truncation vulnerability in the kernel socket interface could be leveraged to force the CPU into an infinite loop. The issue was addressed by using a larger sized variable.

CVE-ID

CVE-2013-5141 : CESG

Kernel

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker on a local network can cause a denial of service

Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum.

CVE-ID

CVE-2011-2391 : Marc Heuse

Kernel

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Kernel stack memory may be disclosed to local users

Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel.

CVE-ID

CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc

Kernel

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation

Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel.

CVE-ID

CVE-2013-3953 : Stefan Esser
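
The bug class behind the two kernel information-disclosure entries above (msgctl and segctl, and mach_port_space_info), as an added user-space simulation in C that is not XNU source. The record layout, the handler names and the 0xA5 stale-data marker are constructed; only the idea of a reply field that is never assigned, such as iin_collision, comes from the advisory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5   /* marker for leftover kernel data in this simulation */

/* Constructed reply record; the field names are illustrative only. */
struct info_reply {
    uint32_t name;
    uint32_t type;
    uint32_t collision;   /* handler_before never assigns this field */
    uint32_t refs;
};

/* Stand-in for a kernel stack slot that an earlier call left dirty. */
static struct info_reply kernel_slot;

/* Before: fields are assigned one by one, so a skipped field keeps old bytes. */
static void handler_before(void *user_buf)
{
    memset(&kernel_slot, STALE, sizeof kernel_slot);   /* earlier activity */
    kernel_slot.name = 0x103;
    kernel_slot.type = 0x10000;
    kernel_slot.refs = 1;
    memcpy(user_buf, &kernel_slot, sizeof kernel_slot); /* copy-out to caller */
}

/* After: the whole record is zeroed before any field is filled in. */
static void handler_after(void *user_buf)
{
    memset(&kernel_slot, STALE, sizeof kernel_slot);   /* earlier activity */
    memset(&kernel_slot, 0, sizeof kernel_slot);
    kernel_slot.name = 0x103;
    kernel_slot.type = 0x10000;
    kernel_slot.refs = 1;
    memcpy(user_buf, &kernel_slot, sizeof kernel_slot);
}

/* Test-side check: how many bytes of the reply still carry the stale marker. */
static size_t stale_bytes(const void *user_buf, size_t len)
{
    const unsigned char *p = user_buf;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    unsigned char out[sizeof(struct info_reply)];
    handler_before(out);
    printf("before: %zu stale bytes\n", stale_bytes(out, sizeof out));
    handler_after(out);
    printf("after:  %zu stale bytes\n", stale_bytes(out, sizeof out));
    return 0;
}
```

Poisoning the source memory and scanning the copied-out reply for the marker is the same idea a regression test can apply to any interface that returns structures across a privilege boundary.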

Kernel

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel

Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking.

CVE-ID

CVE-2013-3954 : Stefan Esser

Kext Management

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An unauthorized process may modify the set of loaded kernel extensions

Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks.

CVE-ID

CVE-2013-5145 : "Rainbow PRISM"

libxml

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0.

CVE-ID

CVE-2011-3102 : Jüri Aedla

CVE-2012-0841

CVE-2012-2807 : Jüri Aedla

CVE-2012-5134 : Google Chrome Security Team (Jüri Aedla)

libxslt

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28.

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A person with physical access to the device may be able to bypass the screen lock

Description: A race condition issue existed in the handling of phone calls and SIM card ejection at the lock screen. This issue was addressed through improved lock state management.

CVE-ID

CVE-2013-5147 : videosdebarraquito

Personal Hotspot

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker may be able to join a Personal Hotspot network

Description: An issue existed in the generation of Personal Hotspot passwords, resulting in passwords that could be predicted by an attacker to join a user's Personal Hotspot. The issue was addressed by generating passwords with higher entropy.

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: The push notification token may be disclosed to an app contrary to the user's decision

Description: An information disclosure issue existed in push notification registration. Apps requesting push notification access received the token before the user approved the app's use of push notifications. This issue was addressed by withholding access to the token until the user has approved access.

CVE-ID

CVE-2013-5149 : Jack Flintermann of Grouper, Inc.

Safari

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in the handling of XML files. This issue was addressed through additional bounds checking.

CVE-ID

CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs

Safari

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: History of pages recently visited in an open tab may remain after clearing of history

Description: Clearing Safari's history did not clear the back/forward history for open tabs. This issue was addressed by clearing the back/forward history.

CVE-ID

CVE-2013-5150

Safari

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Viewing files on a website may lead to script execution even when the server sends a 'Content-Type: text/plain' header

Description: Mobile Safari sometimes treated files as HTML files even when the server sent a 'Content-Type: text/plain' header. This may lead to cross-site scripting on sites that allow users to upload files. This issue was addressed through improved handling of files when 'Content-Type: text/plain' is set.

CVE-ID

CVE-2013-5151 : Ben Toews of Github

Safari

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a malicious website may allow an arbitrary URL to be displayed

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Applications that are scripts were not sandboxed

Description: Third-party applications which used the #! syntax to run a script were sandboxed based on the identity of the script interpreter, not the script. The interpreter may not have a sandbox defined, leading to the application being run unsandboxed. This issue was addressed by creating the sandbox based on the identity of the script.

CVE-ID

CVE-2013-5154 : evad3rs

Sandbox

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Applications can cause a system hang

Description: Malicious third-party applications that wrote specific values to the /dev/random device could force the CPU to enter an infinite loop. This issue was addressed by preventing third-party applications from writing to /dev/random.

CVE-ID

CVE-2013-5155 : CESG

Social

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Users' recent Twitter activity could be disclosed on devices with no passcode.

Description: An issue existed where it was possible to determine what Twitter accounts a user had recently interacted with. This issue was resolved by restricting access to the Twitter icon cache.

CVE-ID

CVE-2013-5158 : Jonathan Zdziarski

Springboard

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A person with physical access to a device in Lost Mode may be able to view notifications

Description: An issue existed in the handling of notifications when a device is in Lost Mode. This update addresses the issue with improved lock state management.

CVE-ID

CVE-2013-5153 : Daniel Stangroom

Telephony

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Malicious apps could interfere with or control telephony functionality

Description: An access control issue existed in the telephony subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling telephony functionality. This issue was addressed by enforcing access controls on interfaces exposed by the telephony daemon.

CVE-ID

CVE-2013-5156 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology

Twitter

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Description: An access control issue existed in the Twitter subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling Twitter functionality. This issue was addressed by enforcing access controls on interfaces exposed by the Twitter daemon.

CVE-ID

CVE-2013-5157 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology

WebKit

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a malicious website may lead to information disclosure

Description: An information disclosure issue existed in the handling of the window.webkitRequestAnimationFrame() API. A maliciously crafted website could use an iframe to determine if another site used window.webkitRequestAnimationFrame(). This issue was addressed through improved handling of window.webkitRequestAnimationFrame().

CVE-ID

CVE-2013-5159

WebKit

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Copying and pasting a malicious HTML snippet may lead to a cross-site scripting attack

Description: A cross-site scripting issue existed in the handling of copied and pasted data in HTML documents. This issue was addressed through additional validation of pasted content.

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: A cross-site scripting issue existed in the handling of iframes. This issue was addressed through improved origin tracking.

CVE-ID

CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook

WebKit

Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to an information disclosure

Description: An information disclosure issue existed in XSSAuditor. This issue was addressed through improved handling of URLs.

CVE-ID

CVE-2013-2848 : Egor Homakov

WebKit

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Dragging or pasting a selection may lead to a cross-site scripting attack

Description: Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. This issue is addressed through additional validation of content before a paste or a drag and drop operation.

CVE-ID

CVE-2013-5129 : Mario Heiderich

WebKit

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: A cross-site scripting issue existed in the handling of URLs. This issue was addressed through improved origin tracking.

CVE-ID

CVE-2013-5131 : Erling A Ellingsen

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.